Changeset 25318

Timestamp:
30.03.2012 16:37:23 (8 years ago)
Author:
ak19
Message:

The process of hashing the password is modified to use US-ASCII charset instead of UTF-8 (to make the hex value of it be of an acceptable length, avoiding an SQLException). And then this hashed password is converted to its hex value. This appears to avoid the problem of a login failure occurring in LibraryServlet on otherwise acceptable strings, despite such password strings matching whatever is already stored in the database.

Files:
1 modified

  • main/trunk/greenstone3/src/java/org/greenstone/gsdl3/service/Authentication.java

    r25311 r25318  
    99import org.w3c.dom.NodeList; 
    1010 
     11import java.math.BigInteger; 
    1112import java.util.ArrayList; 
    1213import java.util.HashMap; 
     
    694695            MessageDigest digest = MessageDigest.getInstance("SHA-1"); 
    695696            digest.reset(); 
    696             hashedPassword = new String(digest.digest(password.getBytes("UTF-8"))); 
     697            hashedPassword = new String(digest.digest(password.getBytes("US-ASCII"))); // toHex after using ASCII charset will result in acceptable length of hex string 
     698            hashedPassword = toHex(hashedPassword); // this conversion is required to avoid the strange error of login failure on some legal password strings 
    697699        } 
    698700        catch (Exception ex) 
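
Review bot: in hashPassword the raw digest bytes go through new String(...) with the platform default charset and are then re-encoded as US-ASCII inside toHex, so every digest byte of 0x80 or above is replaced (it ends up as '?', hex 3f) before the hex encoding happens. That throws away a large part of the SHA-1 output, makes the stored value depend on the JVM's default charset, and makes it easier for different passwords to compare equal. password.getBytes("US-ASCII") does the same to the input: any non-ASCII character in the password is encoded as '?', so passwords that differ only in such characters hash identically. Suggest keeping the byte[] returned by digest.digest(password.getBytes("UTF-8")) and hex-encoding those bytes directly, which always yields a 40-character string; values already stored in the current format would then need to be reset or migrated. Separately, a single unsalted SHA-1 is weak for password storage, so if the stored format is changing anyway a salted, iterated scheme such as PBKDF2 would be the better target.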
     
    702704        return hashedPassword; 
    703705    } 
     706 
     707 
     708     
     709    // This method can also be used for printing out the password in hex (in case 
     710    // the password used the UTF-8 Charset), or the hex values in any unicode string. 
     711    // From http://stackoverflow.com/questions/923863/converting-a-string-to-hexadecimal-in-java 
     712    public static String toHex(String arg) { 
     713    try { 
     714        return String.format("%x", new BigInteger(arg.getBytes("US-ASCII"))); // set to same charset as used by hashPassword 
     715    } catch (Exception e) { // UnsupportedEncodingException 
     716        e.printStackTrace(); 
     717    }  
     718    return "Unable to print"; 
     719    } 
     720 
    704721 
    705722    private void checkAdminUserExists()
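
Review bot: toHex returns the literal "Unable to print" when the conversion throws, and hashPassword assigns toHex's return value to hashedPassword, so a failure here would be stored or compared as if it were a real hash. Suggest letting the exception propagate, or returning null and having the caller treat that as a failed hash, instead of return "Unable to print";. Also, new BigInteger(byte[]) drops leading zero bytes and a leading zero nibble, so the hex string is not fixed length and two different inputs can produce the same output; formatting each byte of a byte[] with %02x would be exact. The comment above the method suggests using it to print the password in hex, which should be dropped so that nobody wires it into logging.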